CVE-2023-6329 Information

Description

An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a \passwordCustom\ option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.

Reference

https://tenable.com/security/research/tra-2023-36